daniel/dotfiles
1
0
Fork 0
Code Activity Actions

WIP: mosquitto config

Browse source
This commit is contained in:
Daniel Kempkens 2022-07-31 00:36:06 +02:00
parent 3a489b7851
commit bf0732c6ae
4 changed files with 65 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
container/webserver.nix
View file

@ -1,43 +0,0 @@
{
virtualisation.arion.projects.webserver.settings = {
services = {
ipv6nat = {
service = {
image = "robbertkl/ipv6nat:latest";
name = "ipv6nat";
restart = "always";
capabilities = {
ALL = false;
NET_ADMIN = true;
NET_RAW = true;
};
network_mode = "host";
volumes = [
"/var/run/docker.sock:/var/run/docker.sock:ro"
];
};
};
ifconfig-sexy = {
service = {
image = "ghcr.io/nifoc/ifconfig.sexy-caddy:master";
restart = "always";
networks = [ "webserver" ];
};
};
};
networks.webserver = {
driver = "bridge";
enable_ipv6 = true;
ipam = {
driver = "default";
config = [
{
subnet = "fd00:dead:beef::/48";
}
];
};
};
};
}

6
container/webserver/config/mosquitto.nix Normal file
View file

@ -0,0 +1,6 @@
{
environment.usr."local/etc/container-webserver/mosquitto/mosquitto.conf".text = ''
listener 1883
password_file /mosquitto/config/users.conf
'';
}

58
container/webserver/default.nix Normal file
View file

@ -0,0 +1,58 @@
let
config-mosquitto = import ./config/mosquitto.nix;
in
{
virtualisation.arion.projects.webserver.settings = {
services = {
ipv6nat = {
service = {
image = "robbertkl/ipv6nat:latest";
name = "ipv6nat";
restart = "always";
capabilities = {
ALL = false;
NET_ADMIN = true;
NET_RAW = true;
};
network_mode = "host";
volumes = [
"/var/run/docker.sock:/var/run/docker.sock:ro"
];
};
};
ifconfig-sexy = {
service = {
image = "ghcr.io/nifoc/ifconfig.sexy-caddy:master";
restart = "always";
depends_on = [ "ipv6nat" ];
networks = [ "webserver" ];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.ifconfig-sexy-http.rule" = "Host(`ifconfig.sexy`, `www.ifconfig.sexy`, `4.ifconfig.sexy`, `6.ifconfig.sexy`)";
"traefik.http.routers.ifconfig-sexy-http.entrypoints" = "web";
"traefik.http.routers.ifconfig-sexy-http.middlewares" = "https-redirect@file";
"traefik.http.routers.ifconfig-sexy.rule" = "Host(`ifconfig.sexy`, `www.ifconfig.sexy`, `4.ifconfig.sexy`, `6.ifconfig.sexy`)";
"traefik.http.routers.ifconfig-sexy.entrypoints" = "websecure";
"traefik.http.routers.ifconfig-sexy.tls" = "true";
"traefik.http.routers.ifconfig-sexy.tls.certresolver" = "cfresolver";
"traefik.http.routers.ifconfig-sexy.middlewares" = "non-www-redirect@file, content-compression@file";
};
};
};
};
networks.webserver = {
driver = "bridge";
enable_ipv6 = true;
ipam = {
driver = "default";
config = [
{
subnet = "fd00:dead:beef::/48";
}
];
};
};
};
} // config-mosquitto

2
system/hosts/sail.nix
View file

@ -11,7 +11,7 @@ in
../nixos/git.nix ../nixos/git.nix
../nixos/arion.nix ../nixos/arion.nix
../../container/webserver.nix ../../container/webserver
]; ];
nix = { nix = {